FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache22 -- chunk header parsing defect

Affected packages
apache22 <= 2.2.29_5
apache22-event-mpm <= 2.2.29_5
apache22-itk-mpm <= 2.2.29_5
apache22-peruser-mpm <= 2.2.29_5
apache22-worker-mpm <= 2.2.29_5

Details

VuXML ID 29083f8e-2ca8-11e5-86ff-14dae9d210b8
Discovery 2015-06-24
Entry 2015-07-17

Apache Foundation reports:

CVE-2015-3183 core: Fix chunk header parsing defect. Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters.
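
The hardening named in the report above, sketched as an added example (not code from Apache httpd or from this entry): a single-pass chunk header parser that caps chunk-size at 2^63-1 and rejects unexpected bytes in the chunk-ext. The function name, the error codes and the accepted chunk-ext character set (printable ASCII plus space and tab, introduced by `;`) are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result codes for this example. */
enum chunk_err { CHUNK_OK = 0, CHUNK_EMPTY = -1, CHUNK_TOO_BIG = -2, CHUNK_BAD_CHAR = -3 };

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Parse one chunk header line (without the trailing CRLF) in a single pass,
 * reading the caller's buffer in place. On success stores the chunk size in
 * *size and returns CHUNK_OK; *size is left untouched on any error.
 */
int parse_chunk_header(const char *line, size_t len, int64_t *size)
{
    int64_t val = 0;
    size_t i = 0;
    int d;

    /* chunk-size: one or more hex digits, value capped at 2^63-1.
     * The bound is checked before multiplying, so leading zeros are
     * harmless and the accumulator can never wrap. */
    while (i < len && (d = hex_val((unsigned char)line[i])) >= 0) {
        if (val > (INT64_MAX - d) / 16)
            return CHUNK_TOO_BIG;
        val = val * 16 + d;
        i++;
    }
    if (i == 0)
        return CHUNK_EMPTY;             /* no hex digit at all */

    /* chunk-ext: optional, must be introduced by ';' (assumed rule). */
    if (i < len && line[i] != ';')
        return CHUNK_BAD_CHAR;
    for (; i < len; i++) {
        unsigned char c = (unsigned char)line[i];
        if (c != ' ' && c != '\t' && (c < 0x21 || c > 0x7e))
            return CHUNK_BAD_CHAR;      /* control or non-ASCII byte */
    }
    *size = val;
    return CHUNK_OK;
}
```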

References

CVE Name CVE-2015-3183
URL http://www.apache.org/dist/httpd/Announcement2.2.html
URL https://github.com/apache/httpd/commit/29779fd08c18b18efc5e640d74cbe297c7ec007e